Skip to main content
Corridor’s Pull Request (PR) review feature acts as an automated security reviewer for your code changes. Whenever you open or update a PR, Corridor analyzes the diff for potential security issues and provides feedback directly in the PR.

Developer workflow

Treat Corridor’s comments like those from a human reviewer specialized in security:
  1. Understand the issue: Read the explanation and remediation guidance
  2. Push a fix: Push additional commits to address the problem. Corridor will re-check the PR on the new commit
  3. Handle false positives: If you believe it’s a false positive, mark it as such with feedback. This helps Corridor learn and helps the security team adjust guardrails
Once all issues are resolved, Corridor’s status check will turn green and you can merge knowing the security review is clear.

Configuration

PR review settings are found on the PR Reviews page → Configure (top right corner). See Connecting GitHub for initial setup.
SettingDescription
Enable Pull Request ReviewsAutomatically review pull requests for security vulnerabilities
Block PRs with Security FindingsPrevent merging pull requests that contain security vulnerabilities (blocks can still be overridden in GitHub). Corridor Team only
Review Verbosity ModeControl how inclusive the PR reviewer is when flagging potential security issues. Standard review mode provides a balanced approach between catching vulnerabilities and minimizing false positives
Leave Comments on Pull RequestsPost review comments directly on GitHub PRs
Disable Comments for Specific ReposPRs from selected repositories will still be reviewed but comments won’t be posted

Advanced settings

SettingDescription
Enable Draft PR ReviewsReview pull requests that are marked as draft
Only leave review comments on PRs with this labelOptionally restrict review comments to PRs with a specific label
Comment When No Issues FoundLeave a comment even when no vulnerabilities are detected
Enable Threat ModelingInclude threat model analysis with risk level and security considerations on all PRs

How it works

When a pull request is opened or updated:
  1. Webhook trigger: GitHub sends a webhook to Corridor
  2. Diff analysis: Corridor analyzes only the changed code, understanding context from the broader codebase
  3. Security review: The changes are evaluated against security best practices, known vulnerability patterns, and your guardrails
  4. Review posted: Findings appear directly on the PR with inline comments
  5. Status check: Optionally block the PR until issues are resolved
Corridor’s reviews are context-aware—not just pattern matching. The review understands your codebase structure, existing security patterns, and the purpose of the changes. Each finding includes specific remediation steps, not generic advice.

Review limits

TierPR Reviews
Pro100/month
Team100/dev/month
EnterpriseUnlimited
Developer count is based on unique developers interacting with Corridor—IDE users, dashboard users, and PR authors—in the given month.

Next steps

Findings

Track and manage security findings

Guardrails

Configure real-time security guardrails